The Miva store has a flaw where tax calculation can be bypassed.
1d01c13dc921e88b57fdf3d00029318da56b748446d547d8daef6d751bd9f727PHP Poll Creator version 1.01 is susceptible to a remote file inclusion vulnerability.
5c581ce9d2cf8550744e983f08d2abe424320521a65513d2ece38d043791b222JavaMail API versions 1.13, 1.2, and 1.3 are susceptible to multiple information disclosure vulnerabilities.
c3cb47c8dc22584e271b8f68818d84e69de37fd589266e971b46fb4442a3a31diDEFENSE Security Advisory 05.24.05-5 - Remote exploitation of a denial of service vulnerability in Ipswitch Inc.'s Imail IMAP server allows attackers to crash the target service thereby preventing legitimate usage. Version 8.13 and 8.12 are confirmed vulnerable. Earlier versions may be susceptible as well.
d455c61f41de713d78f506feae80b9cdb938e88634bbc2cb59c35860836cbccfiDEFENSE Security Advisory 05.24.05-4 - Remote exploitation of a directory traversal vulnerability in Ipswitch Inc.'s Imail Web Calendaring server allows attackers to read arbitrary files with System privileges. Version 8.13 is confirmed vulnerable. Earlier versions may be susceptible as well.
c2412685d9447765878e88f041d94055c3ae9b7b48aaecf6311d4da8eea532c7iDEFENSE Security Advisory 05.24.05-3 - Remote exploitation of several buffer overflow vulnerabilities in Ipswitch Inc.'s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately 2,000 bytes will cause a stack based unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required. Version 8.12 is confirmed vulnerable. Earlier versions may be susceptible as well.
9f4c8c937937e246b73f6c5f56b49c2fa4b93c73ae1086201553c84363cd706diDEFENSE Security Advisory 05.24.05-2 - Remote exploitation of a denial of service (DoS) vulnerability in Ipswitch Inc.'s 8.13 IMail IMAP daemon allows attackers to cause 100 percent CPU use on the server, thereby preventing legitimate users from retrieving e-mail.
a5edfc0b27df6ff1737295a9fee8adc88a51d14e0d51929410345acc43a5b540iDEFENSE Security Advisory 05.24.05-1 - Remote exploitation of a buffer overflow vulnerability in Ipswitch Inc.'s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The vulnerability specifically exists in the handling of a long mailbox name to the STATUS command. A long mailbox name argument will cause a stack based buffer overflow, providing the attacker with full control over the saved return address on the stack.
b52c4eafcf24128417eb48204d02e859bd572c5f3adf53efcaf617cddcf64290A vulnerability in Halo: Combat Evolved versions 1.06 and below and Custom Edition 1.00 can be exploited by malicious people to cause a DoS (Denial of Service).
3bac6e930e7192cb2524eed969e3949d1fcc3673e20aaafdb5adefd1f157937fLocal exploit for Exim 4.40.
3adad43468cfdfd5ed6651714bdec7ccbbcdfc0f919cf2bda7401afbde47c960Spread The Word, a Comersus based bookstore, is susceptible to multiple cross site scripting and SQL injection flaws.
57696cdb63045dd868bfebec4811e33ab2334d0c93c9fda6c902d855e90e7acfWebLogic Server and WebLogic Express, Service Pack 4, are susceptible to cross site scripting flaws.
2619b3310f3c47e89eec1626a229bb5d830f5decc8011308daf41b04d6db1c6aWebLogic Server and WebLogic Express, Service Pack 4, suffer from an HTML injection vulnerability.
4e1a06fc9b94d88a2cec7ac59f0f8068f2d468c16b54bafaf9f0330407427003GForge versions below 4.0 suffer from a remote code execution flaw.
77fe7ff7bd06b439229afd0c78e13bddeb8127ba34471e9eb815bd3617ef2cc6Blue Coat Reporter 7.1.1.1 suffers from privilege escalation, HTML injection, and cross site scripting flaws.
0e820990b63dcfc03f6876ce9d4006e72b5302f20bb062b66e2d40e08bccc29bThe Zyxel Prestige 650R-31 ADSL router is susceptible to a denial of service attack using fragmented packets.
3da030dc02b25df10685ac38fd1f25703236e1b26958917084213d417472f0efSambar Server 6.2 is susceptible to multiple cross site scripting flaws.
fd9a1e7e059ac74e0f65f85e40b9cd8ce78d46a468b43363cb4a92ba0d13f957net-snmp fixproc contains a security flaw that allows a malicious local attacker the ability to execute arbitrary commands with root privileges.
e45fb19f19ec442e148803aa640b440b3b0b5470ff6e7fbd34aec296f42a3019Warrior Kings 1.3 and below and Warrior Kings: Battles 1.23 and below suffer from format string vulnerabilities.
f404dcbc41bc0647bdb271e3dc2e805c773c4f7afe035d0b957a73eae9ffdafdComputer Associates Vet library provides antivirus scan engine capabilities. Vet scan engines allow products to analyze various streams for malware. Vet is vulnerable to an integer wrap during the analysis of an OLE stream. The integer wrap causes an arbitrary heap overflow with no character restrictions allowing remote attackers control of the system(s) Vet is protecting.
c4e6ac4f3f3118a3c7dcd8f30132e256ee811e86703d139084b225e408b0b4fcINMOLUXE Premium 2.0 is susceptible to SQL injection attacks.
586957eb4953b9a8f1421bf4a9446c2210452bb208317345005ecfb2ee733984Cookie Cart Shopping is susceptible to remote password hash extraction.
0ce1029e80556b205972414f257b404113a48da5ea46e74dc6f33b41af192ce7PortailPHP version 1.3 suffers from SQL injection flaws.
720340569373ed8a8af7f1e29cc638016faeb2e67cd06a0c6304b37d7526da84This proof of concept explains how Microsoft WGA validation check can be defeated and any Microsoft product with the WGA validation feature can be run and installed on machines running a pirated copy of Windows XP.
f0ce619089e25cac5ce67e00f1bbdd6bcafd35a9367e9e68693cf0d792c122b2Postnuke versions 0.760RC3 and below suffer from SQL injection attacks.
d3af81e0fc22d49f4eaec7866a406567c5653a2db0e52361ec350a5075b14188
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed